Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5f4a66bb-3bbf-4f2d-81a1-89005f1bb7bd.roa
File:                     5f4a66bb-3bbf-4f2d-81a1-89005f1bb7bd.roa (raw, json)
Hash identifier:          VXu/2D0RCy6csk90BJemh4LLHvydWd79DHwEGU3YtUg=
Subject key identifier:   6D:28:B4:34:38:33:7C:EE:14:EA:61:A9:E4:54:87:2F:B3:D4:23:7F
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       66FBD319935F369EA8F5B95E9900541A3361B8D3
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5f4a66bb-3bbf-4f2d-81a1-89005f1bb7bd.roa
Signing time:             Tue 05 Mar 2024 00:00:00 +0000
ROA not before:           Tue 05 Mar 2024 00:00:00 +0000
ROA not after:            Tue 09 Apr 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2a01:578:1020::/43 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Mar 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:fb:d3:19:93:5f:36:9e:a8:f5:b9:5e:99:00:54:1a:33:61:b8:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Mar  5 00:00:00 2024 GMT
            Not After : Apr  9 23:59:59 2024 GMT
        Subject: serialNumber=9e769b371f68a3c455791b22a00c9696216e43998954fa793bf3fdaee0c7f7af, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:36:01:aa:98:78:0d:ad:f9:16:1d:35:90:d9:
                    27:77:1b:17:d2:95:0d:19:6d:04:4e:30:a1:0d:ff:
                    dd:3e:e6:44:8e:a0:e2:0a:18:88:e0:92:e5:52:71:
                    f3:db:27:cf:d0:e3:b5:a3:ee:62:2f:c0:5a:cd:0b:
                    3a:23:8f:d6:cc:c2:40:1c:14:7e:a3:71:ae:f4:dd:
                    79:45:03:9f:fb:a1:62:00:e7:6f:37:ca:fe:67:00:
                    15:33:4f:e3:df:50:da:25:e5:35:05:90:5e:69:d3:
                    70:ba:6c:f3:b9:fe:6c:9a:6e:a7:fe:64:91:99:a3:
                    b5:63:40:95:31:21:cf:5d:4d:f4:e4:c0:b9:99:5a:
                    d5:e6:51:2b:ee:61:97:1f:af:de:ec:2a:fe:56:ca:
                    77:79:94:9f:bb:cf:18:cd:6a:c4:78:63:74:2d:10:
                    a0:b5:05:2f:e4:4e:5e:21:4a:54:2e:df:e8:22:bc:
                    2a:3c:03:92:0d:29:e2:41:50:63:94:f4:bc:f2:7e:
                    e3:21:6a:02:b0:c0:5f:3a:86:ad:29:17:b7:76:0f:
                    81:cf:ee:f4:9a:84:91:da:47:aa:49:85:8a:ce:c4:
                    33:ae:2d:66:9e:ed:c4:31:51:01:5d:9e:80:ba:9e:
                    94:de:7e:0e:f7:cd:22:0e:e9:15:ac:23:f3:1d:28:
                    8b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:28:B4:34:38:33:7C:EE:14:EA:61:A9:E4:54:87:2F:B3:D4:23:7F
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/5f4a66bb-3bbf-4f2d-81a1-89005f1bb7bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:578:1020::/43

    Signature Algorithm: sha256WithRSAEncryption
         3e:ad:f8:21:4c:25:31:7e:39:64:c3:a2:6d:ae:b2:27:23:1a:
         f5:96:95:27:67:d2:14:1e:d0:32:f9:1d:5b:5e:0c:da:8b:0f:
         f3:8b:66:66:85:28:de:91:02:4d:f3:71:f8:17:14:ce:02:51:
         b8:de:57:37:b9:d2:de:4f:d5:6d:48:e5:65:e2:6b:86:3d:10:
         8e:59:fb:69:ea:3d:cd:ff:5e:39:7f:27:f0:4c:a8:4c:af:4c:
         32:dc:56:54:81:81:0b:03:3c:5b:ef:65:12:b1:71:a0:15:a2:
         19:cb:f3:07:56:20:8e:2a:37:db:07:b5:0f:8c:fe:3f:31:f0:
         6a:f6:04:bf:66:04:e3:30:0e:05:6d:62:e2:92:d4:f4:26:b9:
         65:54:96:f5:b9:ab:5b:f4:56:fe:7c:08:90:db:a9:0d:6e:2a:
         8c:70:39:e0:bf:17:a0:c2:4c:a6:7e:7d:44:83:c2:ec:7c:ba:
         a4:c3:c6:f0:a5:8d:28:5b:46:1a:15:28:36:66:50:1b:be:68:
         cf:e3:f5:a3:55:15:1a:13:f3:46:de:c2:ee:6f:03:ba:a1:5d:
         0f:03:cd:00:63:cf:42:8e:97:d5:ff:62:30:ee:00:55:97:bb:
         10:c9:03:01:74:ba:7f:f3:76:bd:f3:be:fe:90:47:ff:85:eb:
         a1:ab:ec:ce
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZvvTGZNfNp6o9blemQBUGjNhuNMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDAzMDUwMDAwMDBaFw0yNDA0MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDllNzY5YjM3MWY2OGEzYzQ1NTc5MWIyMmEwMGM5Njk2MjE2ZTQzOTk4OTU0
ZmE3OTNiZjNmZGFlZTBjN2Y3YWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKI2AaqYeA2t+RYdNZDZJ3cbF9KVDRltBE4woQ3/3T7mRI6g4goYiOCS5VJx
89snz9DjtaPuYi/AWs0LOiOP1szCQBwUfqNxrvTdeUUDn/uhYgDnbzfK/mcAFTNP
499Q2iXlNQWQXmnTcLps87n+bJpup/5kkZmjtWNAlTEhz11N9OTAuZla1eZRK+5h
lx+v3uwq/lbKd3mUn7vPGM1qxHhjdC0QoLUFL+ROXiFKVC7f6CK8KjwDkg0p4kFQ
Y5T0vPJ+4yFqArDAXzqGrSkXt3YPgc/u9JqEkdpHqkmFis7EM64tZp7txDFRAV2e
gLqelN5+DvfNIg7pFawj8x0oi/kCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRtKLQ0
ODN87hTqYankVIcvs9QjfzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NWY0YTY2YmItM2JiZi00ZjJkLTgxYTEtODkwMDVmMWJiN2JkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBSoBBXgQ
IDANBgkqhkiG9w0BAQsFAAOCAQEAPq34IUwlMX45ZMOiba6yJyMa9ZaVJ2fSFB7Q
MvkdW14M2osP84tmZoUo3pECTfNx+BcUzgJRuN5XN7nS3k/VbUjlZeJrhj0Qjln7
aeo9zf9eOX8n8EyoTK9MMtxWVIGBCwM8W+9lErFxoBWiGcvzB1Ygjio32we1D4z+
PzHwavYEv2YE4zAOBW1i4pLU9Ca5ZVSW9bmrW/RW/nwIkNupDW4qjHA54L8XoMJM
pn59RIPC7Hy6pMPG8KWNKFtGGhUoNmZQG75oz+P1o1UVGhPzRt7C7m8DuqFdDwPN
AGPPQo6X1f9iMO4AVZe7EMkDAXS6f/N2vfO+/pBH/4Xroavszg==
-----END CERTIFICATE-----
Generated at Thu Mar 28 02:06:40 2024 by rpki-client on console-ams.rpki-client.org